top | item 44876463


JosephRedfern | 6 months ago

There's a really interesting article from Tavis Ormandy about the instruction set and virtual machine used in RAR: https://blog.cmpxchg8b.com/2012/09/fun-with-constrained-prog....

The docs for the toolchain he implemented (https://github.com/taviso/rarvmtools) allude to a number of bugs, but it doesn't sound (??) like they're related to this vulnerability.


LegionMammal978 | 6 months ago

The VM has long since been torn out of the RAR decompressor. These days, when it finds a file containing bytecode, it just hashes the bytecode and matches it against a few hardcoded routines that existed at the time.
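The pattern LegionMammal978 describes, a decompressor that never interprets embedded bytecode and instead recognises a handful of known programs by hash and runs a native routine for each, sketched as an added example. This is not code from unrar or from the thread: the two "program" blobs are constructed stand-ins (not real RAR VM bytecode), the delta and E8 routines are simplified versions of what such filters do, and keying the allowlist on length plus CRC32 is an assumption about the shape of such a check, not a claim about how unrar implements it.

```python
"""Hash-allowlisted filter dispatch: recognise known bytecode, never execute it.

Added example, not code from unrar or the thread. Bytecode blobs, filter
semantics and the (length, CRC32) key are all constructed assumptions.
"""
import struct
import zlib
from typing import Callable, Dict, Tuple

FilterFn = Callable[[bytes, int], bytes]

# Constructed stand-ins for two "standard" filter programs. They are NOT real
# RAR VM bytecode; only their length and hash matter to the dispatcher.
DELTA_PROGRAM = bytes.fromhex("0011223344556677889900aabbccddeeff")
E8_PROGRAM = bytes.fromhex("e8000000ffc39090909090cccccccc")


def delta_filter(data: bytes, channels: int) -> bytes:
    """Undo a per-channel delta encoding (simplified).

    Input is channel-major deltas; output is the interleaved running sums,
    which is the general shape of a delta filter for audio/image data.
    """
    if channels <= 0 or len(data) % channels:
        raise ValueError("bad channel count for delta filter")
    per_channel = len(data) // channels
    out = bytearray(len(data))
    for ch in range(channels):
        prev = 0
        for i in range(per_channel):
            prev = (prev + data[ch * per_channel + i]) & 0xFF
            out[i * channels + ch] = prev
    return bytes(out)


def e8_filter(data: bytes, file_offset: int) -> bytes:
    """Restore relative CALL (0xE8) operands from the absolute form an
    encoder stored (simplified: relative = absolute - position, mod 2^32)."""
    out = bytearray(data)
    i = 0
    while i + 5 <= len(out):
        if out[i] == 0xE8:
            pos = file_offset + i
            absolute = struct.unpack_from("<I", out, i + 1)[0]
            struct.pack_into("<I", out, i + 1, (absolute - pos) & 0xFFFFFFFF)
            i += 5
        else:
            i += 1
    return bytes(out)


def program_key(code: bytes) -> Tuple[int, int]:
    """Allowlist key: length plus CRC32 (an assumption, not unrar's scheme)."""
    return (len(code), zlib.crc32(code) & 0xFFFFFFFF)


# The only programs the "decompressor" knows. Anything else is refused.
STANDARD_FILTERS: Dict[Tuple[int, int], FilterFn] = {
    program_key(DELTA_PROGRAM): delta_filter,
    program_key(E8_PROGRAM): e8_filter,
}


def is_standard_filter(code: bytes) -> bool:
    return program_key(code) in STANDARD_FILTERS


def run_filter(code: bytes, data: bytes, arg: int) -> bytes:
    """Look the bytecode up by hash and run the matching native routine.

    Unknown bytecode is rejected outright; there is no interpreter to fall
    back to, so the attacker never gets to choose what executes.
    """
    fn = STANDARD_FILTERS.get(program_key(code))
    if fn is None:
        raise ValueError("unrecognised filter program; refusing to interpret")
    return fn(data, arg)


if __name__ == "__main__":
    print(run_filter(DELTA_PROGRAM, bytes([1, 1, 1, 5, 5, 5]), 2).hex())
    try:
        run_filter(b"\x00\x01", b"x", 0)
    except ValueError as exc:
        print("rejected:", exc)
```

The security-relevant property is that the hash only selects among fixed native routines; even a collision on a non-cryptographic hash lets an attacker pick which of those routines runs on the data, not supply new code, which is a far smaller surface than a general-purpose VM.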

zzrrt | 6 months ago

Sounds like a good ingredient for a CTF or other puzzle. It could be a small obfuscation where the player has to install an ancient version with the VM, or get crazier with a bytecode hash collision or abusing undocumented VM quirks.